Senior Application Security Engineer

Tangem is a high-tech company in the blockchain sector was founded in 2017, headquartered in Zug, Switzerland, with branches in North America, Eastern Europe, and APAC.

Tangem started with the idea of bringing digital assets to the masses using a unique combination of a smartcard-based hardware wallet and mobile applications. Company owns and promotes the technology of hardware cold-wallet for digital assets with secure and simple UX in 220 countries today. Our customers enjoy setup time within 1 minute with the ultimate security level for digital assets on their wallet. Tangem solutions offer multi-support of a growing number of thousands of tokens by a single wallet. SBI Crypto Investment Ltd., the digital asset venture investment company wholly owned by SBI Holdings Inc., has invested $15 million into Tangem in 2019 for mass adoption of blockchain technology.

About the role

We're looking for a Senior Application Security Engineer to help keep Tangem's products secure.

You'll focus on finding security issues in our web applications, backend services, and APIs before attackers do. You'll work closely with developers, review new features from a security perspective, validate bug bounty reports, and help improve our overall security posture.

This is a hands on role for someone who enjoys both offensive security and working with engineering teams to build secure products.

What you'll do

• Test web applications and APIs for security vulnerabilities using both manual and automated approaches.

• Review new features and services before and after release to identify security risks.

• Manage and tune application security tools such as WAF, API Firewall, Cloudflare, and similar solutions.

• Investigate and validate bug bounty submissions.

• Work with developers and QA engineers to improve security testing practices.

• Deliver practical security training and guidance to engineering teams.

What we're looking for

• 3+ years of experience in Application Security, Penetration Testing, Offensive Security, or a similar role.

• Practical experience finding vulnerabilities in web applications and APIs.

• Experience with Cloudflare security products (WAF, API Shield, etc.) or similar technologies.

• Experience using vulnerability scanners, DAST tools, and other security testing solutions.

• Experience with at least one programming language such as Python, Go, or JavaScript.

Nice to have

• Experience participating in bug bounty programs (HackerOne, Bugcrowd, Google VRP, etc.).

• CTF participation or other practical offensive security activities.

• Security certifications such as OSCP, PNPT, eWPT, or similar.

• Experience integrating security testing into CI/CD pipelines.

Success Metrics

• Reduction of critical and high risk application security findings.

• Increased security coverage of applications, APIs, and release processes through reviews, testing, and protection controls.

• Timely and effective handling of security incidents, bug bounty reports, and engineering security requests.

What we offer

• Stability, growth, participation in shaping the future unicorn.

• Remote work from any location.

• Competitive salary in EURO/USDT.

• Unlimited vacation.

• Compensation for the purchase of necessary technical devices for the work.

Hiring Process

• 30 min Interview with a Recruiter

• 1 hour Technical Interview with CISO of Tangem

• Offer